A collection of PowerShell tools
SAP
Office
Wifi
- jcwalker/WiFiProfileManagement - Module used for management of wireless profiles
- gist: Get-WlanEnterprisePassword.ps1
Audit
Active directory
- samratashok/ADModule - Microsoft signed ActiveDirectory PowerShell module (copied out of Windows 2016; it is signed, so it can bypass CLM restrictions)
- lazywinadmin/AdsiPS - PowerShell module to interact with Active Directory using ADSI and the System.DirectoryServices namespace (.NET Framework)
- russelltomkins/Active-Directory - Collection of scripts for Querying and Managing Active Directory and Domain Controllers - includes some account query scripts, e.g. for accounts whose passwords never expire or that have Kerberos delegation enabled
IOT
Security software/feature evasion
Deobfuscation
- danielbohannon/Revoke-Obfuscation - PowerShell Obfuscation Detection Framework
- R3MRUM/PSDecode - PowerShell script for deobfuscating encoded PowerShell scripts
- JohnLaTwC/PyPowerShellXray - Python script to decode common encoded PowerShell scripts
- Analysis tools
Network
- nettitude/SharpSocks - Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
- gist: portfwd.ps1 - Simple TCP port forwarder
Obfuscator
- danielbohannon/Invoke-CradleCrafter - PowerShell Remote Download Cradle Generator & Obfuscator
- danielbohannon/Invoke-Obfuscation - PowerShell Obfuscator
- danielbohannon/Invoke-DOSfuscation - Cmd.exe Command Obfuscation Generator & Detection Test Harness
- ChrisAD/ads-payload - take any payload and put it in a bat script which delivers the payload. The payload is delivered using environment variables, alternate data streams and wmic.
Post exploitation
- homjxi0e/PowerAvails - PowerAvails Powershell .NET System Operating
- peewpw/Invoke-WCMDump - PowerShell Script to Dump Windows Credentials from the Credential Manager
- xorrior/RandomPS-Scripts - PowerShell Scripts focused on Post-Exploitation Capabilities
- Cn33liz/p0wnedShell - PowerShell Runspace Post Exploitation Toolkit
- PowerTools/PowerPick - Various ways of executing Powershell functionality without the use of Powershell
- besimorhino/Pause-Process - PowerShell script which allows pausing\unpausing Win32/64 exes
- fridgehead/Powershell-SSHTools - A bunch of useful SSH tools for powershell
- klsecservices/Invoke-Vnc - Powershell VNC injector
PE tools
Decoder / Deobfuscation
Misc scripts collections
- https://github.com/FuzzySecurity/PowerShell-Suite
- https://github.com/Mr-Un1k0d3r/RedTeamPowershellScripts
- https://github.com/SadProcessor/SomeStuff
Uncategorized
- clr2of8/SlackExtract - A PowerShell script to download all files, messages and user profiles that a user has access to in slack
- p3nt4/Invoke-TmpDavFS - In Memory Powershell WebDav Server
- trustedsec/unicorn - a simple tool for using a PowerShell downgrade attack and injecting shellcode straight into memory.
- rvrsh3ll/Misc-Powershell-Scripts
- Parses signature data from the db and dbx UEFI variables
- Kevin-Robertson/Powermad - PowerShell MachineAccountQuota and DNS exploit tools
- gist: Checks the %USERPROFILE% directory for any file with the library-ms extension and extracts the CLSID. In particular, the element with shell command
- felixweyne/ProcessSpawnControl - a PowerShell tool which aims to help in the behavioral (process) analysis of malware. PsC suspends newly launched processes, and gives the analyst the option to either keep the process suspended, or to resume it